[Audio] Original post on securityboulevard.com

The Hidden Tracking Risk Inside Your Tires In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because...

#Data #Security #IoT #& #ICS #Security […]

[Audio] [Original post on securityboulevard.com]

Twin Peaks: Beyond Life and Death is One of the Best Episodes of the Series Credit to Laura Palmer — Meanwhile (Reversed) After an odd season 2 of Twin Peaks, I was so glad to see the show go back to the old roots ...

Twin Peaks: Beyond Life and Death is One of the Best Episodes of the Series
allthingshorror67.blogspot.com/2026/03/twin...

#twinpeaks #horror #tvshows #tvseries #television #opinion #blogging #bloggers #blogger #blogs #blog #blogpost

What role does innovation play in Agentic AI development? ## How Are Non-Human Identities Shaping Cybersecurity? Have you ever wondered how machine identities are transforming cybersecurity dynamics? Managing Non-Human Identities (NHIs) has emerged as a significant focal point for security experts, especially in cloud environments. When organizations grapple with the complexities of cybersecurity, understanding the nuances of NHI management offers a strategic advantage. ### Decoding Non-Human Identities and Their Relevance Non-Human Identities, often synonymous with machine identities, comprise the digital representations used by machines to interact with systems and networks. These identities are not just a technical construct; they are a combination of encrypted “Secrets” like passwords, tokens, or keys and the permissions granted to these Secrets. Think of them as tourists with passports (identities) and visas (permissions) navigating through the intricate terrains. The importance of NHIs is especially amplified in industries like financial services, healthcare, and DevOps, where securing these identities is critical to safeguarding sensitive data. NHI management goes beyond mere identification; it involves overseeing the entire lifecycle of Secrets, facilitating secure access, and monitoring behavioral patterns to preempt security incidents. ### The Strategic Importance of NHI Management Why is it vital for modern enterprises to prioritize NHI management? * **Reduced Risk:** Effective NHI management reduces the likelihood of breaches and data leaks by proactively identifying and mitigating security gaps. * **Improved Compliance:** Organizations can meet stringent regulatory requirements by enforcing policies and maintaining audit trails. * **Increased Efficiency:** By automating the management of NHIs and Secrets, security teams can redirect focus toward strategic initiatives rather than operational tasks. * **Enhanced Visibility and Control:** Centralized access management and governance provide a comprehensive overview, simplifying control over machine identities. * **Cost Savings:** Automation of secrets rotation and decommissioning reduce operational costs significantly. ### Bridging Security and Research through NHI Management The disconnect between security and Research and Development (R&D) teams often creates vulnerabilities. A robust NHI management framework seeks to bridge this gap by fostering a secure cloud environment that both teams can rely on. The deployment of a well-rounded NHI management platform enables businesses to achieve context-aware security. By offering insights into ownership, permissions, usage patterns, and potential vulnerabilities, these platforms ensure that security measures are not limited to point solutions like traditional secret scanners. ### Innovative Approaches in AI Development and NHI Management Innovation in AI development is not just about creating intelligent algorithms. This innovation also needs to reflect in how digital identities are managed within AI systems. Agentic AI, which represents autonomous and self-governing AI technologies, highlights the need for secure and effective identity management to ensure that autonomous systems are safeguarded against unauthorized access or misuse. For organizations experimenting with innovative AI solutions, integrating robust NHI management into their cybersecurity strategies is crucial. A secure environment nurtures innovation, allowing AI developments to thrive without the constant threat of security breaches. To learn more about cost-effective AI innovation, one can explore the DeepSeek initiative, which is transforming AI development practices. ### Embracing a New Era of Cybersecurity The role of Non-Human Identities in cybersecurity cannot be overstated. By recognizing the need to manage these identities effectively, organizations across various sectors can safeguard sensitive information while boosting operational efficiency. Moreover, with AI continues to evolve, the intersection between Agentic AI innovation and NHI management will become increasingly pertinent, paving the way for a secure and innovative digital future. For those interested in future cybersecurity trends, cybersecurity predictions provide valuable insights into upcoming challenges and strategies. Additionally, understanding good secrets management can further enhance security by optimizing budget allocations wisely. In summary, with cybersecurity challenges continue to evolve, so must the strategies and tools we employ to mitigate risks. Through effective NHI management, not only do organizations protect their digital assets, but they also lay the groundwork for innovation and growth. ## The Multifaceted Impact of Non-Human Identities on Cybersecurity Have you ever pondered the implications of Non-Human Identities (NHIs) on broader cybersecurity? These digital entities are the primary agents in between machines and networks, and their management is crucial for securing modern enterprises, especially those operating within cloud environments. ### Understanding the Lifecycle of Non-Human Identities The lifecycle of Non-Human Identities involves several stages, each critical to ensuring overall cybersecurity. From discovery and classification to governance and monitoring, managing these stages effectively helps organizations maintain control over machine identities. At the initial stage, the focus is on identifying all existing NHIs. These identities, often overlooked, can serve as potential backdoors for adversaries. Discovering them is akin to understanding a city before creating a security perimeter. Following discovery, classification involves categorizing NHIs based on their level of access and sensitivity, enabling organizations to prioritize their protection efforts. Monitoring behavior and access patterns is another pivotal aspect. Much like a vigilant security camera in a physical building, active monitoring allows organizations to discern unusual activity patterns that could signify a breach. Where data breaches can cost millions and tarnish reputations, the value of such preventive measures cannot be overemphasized. ### Strategies for Effective NHI Defense How can organizations fortify their defenses using NHI management? **Regular Audits and Updates:** Conducting frequent audits ensures that the status of NHIs is current and valid. Such audits can identify expired or obsolete identities, which may inadvertently serve as weak points. Updates to access permissions ensure that any changes do not leave identities with inappropriate permissions. **Policy Enforcement:** Implementing stringent policies for NHI creation and management is essential. Policies might dictate who can create new NHIs, the level of permissions automatically assigned, and how quickly outdated NHIs should be decommissioned. Enforcing these policies is akin to upholding the rule of law in a city, creating order and reducing the risk of breaches. **Automated Solutions:** Utilizing automated systems for managing NHIs and secrets can significantly reduce human error, a common pitfall in cybersecurity. Automated solutions provide consistent monitoring and reporting, ensuring anomalies are quickly flagged and addressed. In this light, automated systems act as tireless guards, always vigilant and never off-duty. ### Addressing Challenges in Cloud Security The rise of cloud computing has brought about unique challenges in securing Non-Human Identities. In cloud environments, NHIs often span multiple platforms and services, which increases complexity and the challenge of maintaining secure parameters across diverse technological. One of the primary challenges organizations face is data sovereignty. With data stored across multiple jurisdictions, ensuring compliance with various regional regulations becomes an intricate dance. Here, understanding past cybersecurity leaks can offer valuable lessons. The 2023 cyber incidents underscored the consequences of overlooking NHI management, serving as stark reminders of the importance of holistic strategies in safeguarding data. Additionally, the scalability of NHIs and secrets management when organizations grow further complicates cybersecurity measures. With digital footprints expand, so too does the attack surface. Here, enterprises must couple their growth strategies with robust cybersecurity measures, ensuring that each new component or service integrated into their operations includes a strong focus on NHI management. ### The Road to Proactive Cybersecurity Measures Proactive cybersecurity strategies are becoming imperative. Organizations must anticipate threats and resolve security weaknesses before they can be exploited. By taking a proactive approach, enterprises can shift from a reactive stance—constantly putting out fires—to one that prevents the fires from starting. The integration of advanced AI technologies and NHI management practices can play a formidable role in achieving this proactive stance. The combination allows for more precise threat detection and resolution, with AI systems can identify patterns and anomalies that might elude human analysts. To understand more about how AI is reshaping the field, the AI initiatives at Adobe are paving the way for advanced innovation in digital security practices. **Collaboration Between Teams:** A seamless collaboration between IT, cybersecurity, and R&D teams can foster a shared understanding of potential threats and countermeasures. This synergy ensures a coherent approach to managing NHIs and devising effective strategies to combat cyber threats. ### Future Outlook on NHI Management With cybersecurity evolves, understanding and adapting to emerging trends like Non-Human Identities become even more pivotal. With digital becoming increasingly complex, the strategic management of NHIs will be central to ensuring robust security frameworks that safeguard organizational assets while fostering innovation and growth. Organizations leveraging effective NHI management not only mitigate risks but also position themselves at the cutting edge of technological advancement. By acknowledging the significance of these digital entities, businesses can enhance their security posture and harness opportunities that arise from the convergence of traditional practices with new technologies. Exploring more about how the industry evolves can be beneficial. For instance, looking into the promising strides made by Agentic AI offers a glimpse into the future of machine identity management. Such resources provide a framework for envisioning a more secure and interconnected, driven by the careful orchestration and management of non-human digital actors. The post What role does innovation play in Agentic AI development? appeared first on Entro. *** This is a Security Bloggers Network syndicated blog from Entro authored by Alison Mack. Read the original post at: https://entro.security/what-role-does-innovation-play-in-agentic-ai-development/

What role does innovation play in Agentic AI development? How Are Non-Human Identities Shaping Cybersecurity? Have you ever wondered how machine identities are transforming cybersecurity dynamics? ...

#Security #Bloggers #Network #Agentic #AI #Cybersecurity

Origin | Interest | Match

Writer Marketing Services needs *you* to sign up to host blog tours/release blitzes/cover reveals etc: ht.ly/RZI4u plz RT. #bloggers #blogging #readers #amreading #bookworm

Cybersecurity AI Awareness Training for Texas Government Agencies: How Kratikal’s Threatcop Meets the DIR Mandate The last few big cyberattacks on government organizations all have one thing in common. They started because of something a person did wrong, not because of technology. These cyberattacks occur when an employee clicks a link in an email or answers a strange phone call. Sometimes they even give away information by mistake. So technology is like the line of defense. The mistake people make is usually what makes them vulnerable there. Government employees are not bad at their jobs. That is how cyberattacks work. Hackers know it is hard to get into a computer network. It is much easier to get in if they have an employee to let them in. Government organizations have to deal with cyberattacks, and human error is part of the problem. In this context, Texas DIR has initiated a cybersecurity AI awareness training mandate that considers the human aspect of cybersecurity. This is because it is not only encouraged but also funded. In addition, qualified vendors are certified. Moreover, organizations are held legally accountable for compliance. Kratikal is a cybersecurity company specializing in people-centric solutions. Kratikal designed Threatcop to help organizations address this problem. Threatcop is now one of only five qualified cybersecurity AI awareness training vendors certified by the Texas Department of Information Resources. ## **What Good Cybersecurity Awareness Training Actually Does** An employee may have sat through a phishing awareness video and may even understand the concept. When they are confronted with a real phishing attack amid a busy workday, they may not know how to respond. Knowing about a threat vs knowing what it looks like in a real-world scenario are two different things. A quality security awareness training program bridges the gap between knowing and doing by allowing employees to experience a simulated environment nearly identical to the real thing. They learn not only how to spot attacks but how they are constructed, the psychology that drives them, and how to react. Texas codified this standard into law. Under Section 2054.519, DIR-certified training must build genuine information security habits, teach employees to detect, assess, report, and respond to threats, and reflect current attack methods. That standard rules out a substantial portion of what the training market offers. ## **The Texas DIR Mandate: Who It Covers and What It Requires** Texas Government Code Section 2054.5191 casts a wider net than most agencies initially assume. The covered workforce includes: * All state and local government employees who use computers for at least 25 percent of their job duties * Elected officials at the state and local government levels * Appointed officials across all covered institutions * Contractors with access to any government computer system or database, regardless of how frequently that access is used The institutions subject to this requirement include: * State government agencies and departments * Local governments and county offices * Public universities and community colleges * School districts The annual compliance deadline is August 31. Agencies must submit a signed certification to DIR confirming that all covered personnel have completed an approved training program. The agency is responsible for tracking and documenting the completion of each individual. Many organizations encounter challenges here. DIR’s free training option lacks tracking features and does not issue completion certificates. Agencies must create their own documentation systems. As the August 31 deadline approaches, dispersed completion data increases the risk of inaccurate certification submissions. ## **Threatcop: Built by Kratikal for the Human Attack Surface** Threatcop was created because most attacks start with mistakes. The people who started Kratikal saw that more than 90 percent of successful cyberattacks happen because of human error, such as being careless or not knowing something, or because of social engineering. So they thought there should be a platform that helps people change their behavior during an attack, rather than just watching what is happening on the network. Threatcop aims to change user behavior in response to cyberattacks, which can really help people. The founders of Kratikal wanted Threatcop to focus on the factor in cyberattacks, which is a big part of the problem. The Threatcop training is simulation-based. This is where employees interact with attack scenarios, assess their effectiveness, and develop response patterns to apply in the event of a real attack. It is updated and can be customized to the organization’s threat and environment, and it meets the requirements of Texas Government Code Sections 2054.519, 2054.5191, and 2054.5192. It is created for the public sector and includes: * Recognition of AI-generated phishing campaigns * Identification of deepfake voice impersonation attempts * Awareness of synthetic identity attacks * Understanding of automated social engineering techniques * Data privacy risks associated with generative AI tools * Best practices aligned with Texas DIR compliance requirements * Legal and regulatory considerations around AI usage in government workflows In addition to the Texas-specific program, Threatcop addresses seven attack vectors: email phishing, smishing, vishing, QR code phishing, WhatsApp phishing, attachment phishing, and ransomware simulation. Agencies using Threatcop for DIR compliance establish a security awareness infrastructure that extends beyond annual certification. ## **Why AI Awareness Is Now a Core Part of the Training Requirement** Texas House Bill 3512 established formal guidance on artificial intelligence awareness for government employees. Understanding its importance requires examining how AI has changed the attack landscape. * AI-Generated Phishing: Phishing emails sent five years ago were usually detectable because they lacked proper grammar, used generic salutations, and were unrealistic. Employees could detect this. However, this is no longer true. Phishing emails are now generated using language models and information available online. These emails are highly customized and look legitimate. Phishing emails that mention employees’ positions, their managers’ positions, and their ongoing work do not arouse suspicion. * Deepfake Voice Impersonation: This is a new kind of attack that uses audio synthesis to create realistic voice copies. This can be used to impersonate department heads, IT support personnel, and other top officials. This kind of attack is nearly impossible to detect. * Synthetic Identity Attacks: In this type of attack, cybercriminals create fake professional identities using publicly available information and AI. They gain credibility before asking for access. This kind of attack is initiated long before any suspicious behavior is detected. Threatcop’s training addresses these attack types by explaining their construction, not just their appearance. Employees who understand the mechanics of deepfake impersonation are better prepared to recognize variations than those who have only received general warnings. ## **The Real Gap: Between Compliance and Security** It is important to note that an organization can achieve full DIR compliance by August 31, yet still have a workforce unprepared for future attacks. Compliance training that employees complete solely for documentation purposes does not reliably change their response to real threats, such as phishing emails, unexpected calls requesting access, or inappropriate information requests. The organizations that build genuinely resilient workforces treat cybersecurity awareness training as a continuous operational discipline. They run simulated attack campaigns between training cycles. Also, they track which departments and roles show persistent behavioral gaps. They use that data to target follow-up training where it is actually needed rather than distributing the same module uniformly across the organization. Kratikal designed Threatcop to support this approach. Its simulation capabilities across multiple attack vectors enable organizations to maintain active security awareness. Compliance certification becomes a natural outcome of a program focused on substantive results. The financial rationale is clear. A single successful phishing attack can result in costs far exceeding the annual investment in comprehensive training, including forensic investigations, legal notifications, regulatory reporting, litigation, and reputational damage. Threatcop’s DIR certification removes the vendor qualification question entirely. Agencies do not need to assess whether the platform’s content complies with Texas law. Organizations that select their training platform early and set completion milestones have time to address gaps before certification issues arise. The post Cybersecurity AI Awareness Training for Texas Government Agencies: How Kratikal’s Threatcop Meets the DIR Mandate appeared first on Kratikal Blogs. *** This is a Security Bloggers Network syndicated blog from Kratikal Blogs authored by Shikha Dhingra. Read the original post at: https://kratikal.com/blog/cybersecurity-ai-awareness-training-for-texas-government/

Cybersecurity AI Awareness Training for Texas Government Agencies: How Kratikal’s Threatcop Meets the DIR Mandate The last few big cyberattacks on government organizations all have one thing in c...

#Security #Bloggers #Network #Compliance #Cyber #awareness

Origin | Interest | Match

Twin Peaks Season 2 was a Rollercoaster of Horror and Cliches that Still Finished with a Bang Credit to Under the Sycamore Trees: The Night ‘Twin Peaks’ Went Off the Air I finally understand why Twin Peaks season 2 has been a mix fo...

Twin Peaks Season 2 was a Rollercoaster of Horror and Cliches that Still Finished with a Bang
allthingshorror67.blogspot.com/2026/03/twin...

#twinpeaks #horror #tvshow #tvseries #television #opinion #discussion #davidlynch #blogging #bloggers #blogger #blogs #blog #blogpost

“The best SEO strategy is to focus on the user.” - Marcus Tober

#SEO #Bloggers #Websites

Original post on securityboulevard.com

How adaptable are NHIs in dynamic markets? How Are Non-Human Identities (NHIs) Revolutionizing Cybersecurity? Have you ever wondered how organizations remain secure while using advanced digital tec...

#Security #Bloggers #Network #Identity #and #Access […]

[Original post on securityboulevard.com]

Original post on securityboulevard.com

From Data to Intelligence: Why More Signals Don’t Equal Better Security The misconception: more data intelligence equals better security In cybersecurity, there’s a common assumption: More data...

#Security #Bloggers #Network #Blog #/ #Insights […]

[Original post on securityboulevard.com]

Original post on securityboulevard.com

BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi Author, Creator & Presenter: Maria Khodak, GWAPT Our thanks to BSidesSLC for publishing their Creators, Authors...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]

Original post on securityboulevard.com

BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi Author, Creator & Presenter: Maria Khodak, GWAPT Our thanks to BSidesSLC for publishing their Creators, Authors...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]

Momentum Investing Enhanced by Microsoft Foundry-Hosted Large Language Model LLM-enhanced momentum investing combines traditional momentum signals with real-time news interpretation by large langua...

#R #bloggers

Origin | Interest | Match

Original post on securityboulevard.com

What is Shift Left Security? Gartner predicts that by 2028, cloud computing will be a core business necessity, with global spending expected to surpass $1 trillion. As organizations continue to ado...

#Security #Bloggers #Network #Cyber #Security […]

[Original post on securityboulevard.com]

The Story of George Stinney Jr. George Stinney Jr. was a 14-year-old Black boy from Alcolu, South Carolina, whose wrongful conviction and execution remain one of the m...

#BlackHistory #Injustices #Corruption #Racism #Bloggers #Share #Share #SHARE

maeve-thyre.blogspot.com/2025/02/the-...

RSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emerging # RSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emerging ##### By Byron V. Acohido SAN FRANCISCO — Forty-four thousand cybersecurity practitioners converged on Moscone Center this week with an urgent question: how do you secure a network when everything — the technology, the threats, the tools — is changing faster than anyone can govern it? Microsoft’s Vasu Jakkal set the scale on day one. She noted that IDC projects 1.3 billion AI agents in operation by 2028 — each one requiring the same governance and protection organizations currently apply to human users. That number puts a concrete frame around both waves: the tools needed to defend AI-native infrastructure, and the tools needed to secure AI systems themselves. Neither problem is theoretical anymore. The week’s most unexpected signal came not from the vendor floor but from the main stage, where former New Zealand Prime Minister Jacinda Ardern joined new RSAC CEO Jen Easterly for a conversation on leading through crisis. The message landed differently in this room than it might have elsewhere: the challenge in front of this industry has grown past what any single organization, or any single technology, solves alone. What’s required now is the kind of collective will that Ardern built in the aftermath of Christchurch — clear values, shared purpose, leaders who show up. The tools and practices to respond are further along than the headlines suggest. The cybersecurity industry has always been fast to adapt. What’s different this time is that adaptation can’t happen company by company, SOC by SOC. It has to be built across organizations, disciplines, and technologies simultaneously — and that work is already underway. The tools and practices required to do it look nothing like what worked five years ago. The practitioners on the following pages are working the problem from the inside — each one a piece of what a coordinated response looks like. **Tony Anscombe, Chief Security Evangelist, ESET** Anscombe has spent years pushing a reframe the industry resists: a cyberattack is a business disruption event, not a technical incident, and the tools for managing it should be measured against financial exposure, not threat intelligence. The Jaguar Land Rover ransomware attack makes the case concretely — five weeks of factory shutdown, 5,000 supplier businesses paralyzed, a £1.5 billion UK government bailout. Supply chain risk and business risk are the same risk. He also flagged PromptLock, an NYU academic proof-of-concept for AI-powered ransomware that found its way into the wild. His warning: adversaries are reading the research papers too. **Kevin Surace, CEO, TokenCore** The industry drove attackers to the front door and left it unlocked. That was Surace’s blunt assessment heading into RSAC — and the Tycoon2FA kit validated it: 96,000 successful break-ins before Microsoft dismantled the tool, every one bypassing a legitimate authentication app. When Salesforce and Microsoft mandated MFA, they inadvertently handed attackers a map. TokenCore’s answer is fingerprint-based hardware authentication where biometrics never leave the device, access is proximity-bound, and there is nothing to phish, replay, or socially engineer. Gartner projects the biometric assured identity market at $16 billion within seven years. Surace calls that conservative. **Dwayne McDaniel, Developer Advocate, GitGuardian** GitGuardian’s 2026 State of Secrets Sprawl report delivered the week’s most arresting number: 64 percent of secrets that leaked in 2022 are still valid and exploitable today. The industry has a detection capability. It does not have a retirement discipline. McDaniel’s deeper point is structural — standing privilege is the root flaw. Any entity holding a credential inherits whatever that credential was authorized to do, permanently, until someone actively revokes it. Nobody does. AI-accelerated development is compounding the exposure: commits co-authored by Claude Code are twice as likely to contain leaked secrets. **Amit Sinha, CEO, DigiCert** Sinha The alarmists calling agentic AI an identity crisis are half right — the problem is real, but so is the framework for solving it. AI agents need digital passports: cryptographic, immutable identities that travel with them and can be revoked. The sharper near-term pressure is a mandate most organizations haven’t absorbed. The CA/Browser Forum is shrinking TLS certificate lifetimes from 398 days to 47 — an 8X increase in renewal volume. A bank CSO told Sinha his network already logs three certificate-related outages daily. Without automation, that number becomes one per hour. **Ted Miracco, CEO, Approov** Every mobile API was built around a single assumption: a human being on the other end. Agentic AI has broken that assumption — and Miracco calls the gap it leaves the Agency Gap. Mobile is the least prepared surface for what follows. API keys are compiled directly into app packages, where they’re extractable through standard monitoring tools. Once an attacker has a valid key, an AI agent can replay authenticated requests at machine speed, cycling through permutations indefinitely. Approov’s answer: move secrets off the device entirely, delivering them just-in-time only to verified, untampered apps. **Jamison Utter, Field CISO, A10 Networks** Utter’s framing cut through the noise: language is now an attack surface. Not SQL injection, not malware — language itself. What makes LLMs powerful also makes them vulnerable to semantic manipulation that no existing tool was built to detect. His four words for the moment: machines fighting machines. A10 built its answer in-house — an AI Firewall using a small language model trained on attack data to inspect prompts inbound and responses outbound in real time, at carrier scale. Most guardrail products failed under production load, Utter noted. This one was built to survive it. General availability: April 7. **Rajiv Pimplaskar, CEO, Dispersive** Few practitioners on the floor were tracking Whisper Leak — and that, Pimplaskar suggested, is exactly the problem. The side-channel attack flagged by Microsoft in late 2025 allows a passive listener to infer the content of TLS-encrypted LLM communications by analyzing packet sizes and timing cadence alone. No decryption required. TLS protects the data; it does not hide the pattern. Dispersive’s answer is to make the pattern disappear — splitting and obfuscating traffic across dynamically shifting paths. A multi-month pilot with American Tower just completed, validating the architecture for AI and GPU workloads at the edge. **Hallgrimur (Halli) Bjornsson, CEO, Varist** Varist’s roots trace to Iceland’s Frisk Software — one of the original antivirus pioneers — which means Bjornsson was thinking about malware at machine scale long before most of this week’s vendors existed. The company nearly deleted its decades-deep malware dataset before he recognized what ChatGPT 3 made possible: a strategic training asset, not a storage liability. At RSAC, Varist launched a free community malware scanner powered by its Hybrid Detection Engine, processing files in 8.5 milliseconds versus the 30-minute sandbox defenders have quietly hated for years. AI-generated, self-mutating malware is now confirmed in the wild. **Yogita Parulekar, CEO, InviGrid** Parulekar put it plainly in a brief floor exchange: writing an AI agent has become easy. Deploying it securely is where organizations fall apart. Developers who can build an agent over a weekend expect production deployment at the same speed — but they’re not security engineers and aren’t slowing down to become ones. InviGrid’s platform closes that gap automatically: securing connections, enabling encryption and logging, enforcing least privilege at the moment of deployment, not after. Her read on where things stand: 2025 was AI agent experimentation. 2026 is when enterprises take them to production and discover what they missed. **Mike Bell, CEO, Suzu Labs** Bell’s story is the BYOAI thesis made flesh. A medically retired Army veteran who taught himself AI in his garage, he built a penetration testing integration for PlexTrac, sold it for $100,000, then launched Suzu Labs — now carrying $2.5 million in pipeline across cybersecurity consulting and custom AI deployments. The pitch is precise: enterprises want AI but cannot send proprietary data to OpenAI or Anthropic. Suzu builds localized implementations on open-source models running entirely on client infrastructure. Nothing leaves the building. No outbound API calls. At RSAC, the company swept four Global InfoSec Awards. **Rajeev Raghunarayan, Head of Go-to-Market, Averlon** The remediation gap is not where most security programs are looking for it. Scanners have gotten good at finding vulnerabilities — the failure is everything that happens next: prioritization, context, and fix. Averlon works that second half of the workflow, using AI to determine which findings trace to high-value data and which ones actually need to move. In some deployments, it has cut the critical and high vulnerability workload by 90 to 95 percent. A shift-left capability — intercepting risky code before it commits — entered the market just two months ago. **Noam Issachar, Chief Business Officer, Jazz Security** Jazz Security made the week’s sharpest entrance: walked in with a thesis and walked out with a trophy. Legacy DLP never worked, and AI has made the gap untenable. The startup won the CrowdStrike-AWS-NVIDIA Cybersecurity Startup Accelerator by doing what the old tools couldn’t — understanding not just what data moved, but why, who touched it, and what the intent was. Its agentic investigator, Melody, replaces alert triage with pre-investigated answers. In a world where AI agents reach data across every application layer, context isn’t a nice-to-have. It’s the whole game. **Ambuj Kumar, CEO, Simbian** Simbian arrived at RSAC with two years of momentum behind it and a platform announcement that crystallized what that momentum has been building toward. The unified platform Kumar unveiled brings together three coordinated agents — SOC response, penetration testing, and threat hunting — operating on a shared intelligence layer called the Context Lake, which stores the institutional knowledge security teams usually pass between people. The business case is already in the market: 15x customer growth over the past year. Kumar’s thesis hasn’t shifted — AI agents can outperform L1 and L2 analysts — but at RSAC, the architecture to prove it at scale arrived. * * * Forty-four thousand practitioners came to Moscone with an urgent question. They didn’t leave with an answer — but they left with something more useful: proof that the work is already underway, distributed across dozens of organizations, each building a piece of the response the question demands. The infrastructure is arriving. I’ll keep reporting and keep watching. Acohido _Pulitzer Prize-winningbusiness journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be._ _(**Editor’s note** : I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)_ March 27th, 2026 | My Take | RSAC | Top Stories *** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/rsac-2026-no-easy-fixes-for-expanding-ai-attack-surface-but-a-coordinated-response-is-emerging/

RSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emerging SAN FRANCISCO — Forty-four thousand cybersecurity practitioners converged on Moscone Center this w...

#SBN #News #Security #Bloggers #Network #My #Take #rsac #Top #Stories

Origin | Interest | Match

Claude Mythos and the Cybersecurity Risk That Was Already Here On March 26, Anthropic confirmed the existence of Claude Mythos, an unreleased AI model described internally as "a step change"...

#Data #Security #Security #Bloggers #Network #AI #Security […]

[Original post on securityboulevard.com]

Original post on securityboulevard.com

BSidesSLC 2025 – LLM-Assisted Risk Management For Small Teams & Budgets Author, Creator & Presenter: Connor Turpin - Cloud Architect And Sysadmin Our thanks to BSidesSLC for publishing th...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]

Substack Made Simple Part II: Why Your Posts Aren’t Being Found (And Small Fixes That Help) | @BadRedheadMedia.bsky.social vist.ly/4wcaj

How small setup choices affect our discoverability and what to do about it.

#WritingCommunity #Bloggers

Want to host authors on blog tours/release blitzes/cover reveals, etc? Sign up here: ht.ly/RZI4u plz RT. #bloggers #readers #blogging #bookworm

Kobo, Kindle versions now $2!

#booksky #bloggers #podcasters #fantasy #lgbtq #romantasy

Why Learning R is a Good Career Move in 2026 Over the course of my career as a Data Scientist, I’ve worked on projects ranging from simple code reviews, to large application builds. For the most ...

#R #bloggers

Origin | Interest | Match

Original post on securityboulevard.com

How do NHIs deliver value in cloud environments? Are You Leveraging the Full Potential of Non-Human Identities? Non-Human Identities (NHIs) are rapidly gaining importance in digital security, and t...

#Cloud #Security #Security #Bloggers #Network […]

[Original post on securityboulevard.com]

Original post on securityboulevard.com

How are NHIs supported in regulatory compliance? Can Effective Non-Human Identity Management Elevate Your Compliance Strategy? The management of Non-Human Identities (NHIs) has become a crucial asp...

#Security #Bloggers #Network #Cloud #Compliance […]

[Original post on securityboulevard.com]

How Did People Assume The Blair Witch Project was Real Footage? Credit to ‘The Blair Witch Project’: Into the Black — Film Daze The Blair Witch Project is considered to be the horror movie that began th...

How Did People Assume The Blair Witch Project was Real Footage?
allthingshorror67.blogspot.com/2026/03/how-...

#horror #horrormovies #movies #films #history #discussion #blogging #bloggers #blogger #blogs #blog #blogpost

Original post on securityboulevard.com

BSidesSLC 2025 – Guerrilla GRC – Helping Small Businesses Get Cyber Smart Author, Creator & Presenter: Joshua Boyles - VP Of Cybersecurity At LHMCO) Our thanks to BSidesSLC for publishing t...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]

Original post on securityboulevard.com

BSidesSLC 2025 – Guerrilla GRC – Helping Small Businesses Get Cyber Smart Author, Creator & Presenter: Joshua Boyles - VP Of Cybersecurity At LHMCO) Our thanks to BSidesSLC for publishing t...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]

Kubernetes Upgrades Are Eating Engineering Time: How to Get It Back Kubernetes powers your products, but it quietly hijacks your engineering organization. Every year, you pay senior engineers to wr...

#Security #Bloggers #Network #Managed #Kubernetes

Origin | Interest | Match

Original post on securityboulevard.com

BSidesSLC 2025 – The Evolution of Auth – From Passwords To AI Agents Author, Creator & Presenter: Maya Kaczorowski - Founder of Oblique, Former CPO at Tailscale And Security Lead At GitHub ...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]

Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection Tenable One's new Model Refusal Detection turns an LLM's refusal to execute a risky or suspicious prom...

#Security #Bloggers #Network

Origin | Interest | Match

Russian bloggers target Trump's mental fitness as president warns Iran time is running out military bloggers are amplifying unverified claims about Trump's mental fitness as the US president says Iran is "strange."

military bloggers are amplifying unverified claims about Trump's mental fitness as the US president says Iran is "strange." Bne IntelliNews #Trump #MentalFitness #Iran #USPolitics #Bloggers